koliveira15 / nx-sonarqube
A Nx plugin that scans projects using SonarQube / SonarCloud.
License: MIT License
I really like this plugin,
I think creating a generator that can activate coverage reports in a target and all its dependent libraries.
This could also then be called in the init generator as an option. This will then ensure that all tests are configured also.
This should work for both vite and jest, especially when #62 is introduced for #54.
Create bugfix issue template
utils.ts is too large. break the file up in logical parts (dep-graph, test-runners, scan, etc)
It seems that v2.2.0 still relies on nx 15.
e.g. in node_modules/@koliveira15/nx-sonarqube/src/executors/scan/executor.js we can see that the code still requires @nrwl/devkit (nx <16 style) instead of @nx/devkit:
"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
const tslib_1 = require("tslib");
const devkit_1 = require("@nrwl/devkit"); // <-----------
const utils_1 = require("./utils/utils");
This prevents any project (or at least ours :D) that uses nx 16 from using this dependency.
It seems the issue has been solved by this commit a few days ago, whereas the latest publish to npm is roughly one month old. I assume therefore that just publishing to npm would solve the issue for dependent projects.
Thank you very much, feel free to write me if you need more info, or if I can support you in any way :)
Deploy docs site to GitHub pages
AC1: Workflow
Given a branch is created
When I push code to the branch
Then the CI workflow executes
And build, lint, test is executed
And the Nx Cloud report is generated
And the status check is set
Create feature request issue template
I am not quite sure if it is a bug or an error on my side, but I will just share my experience.
I have structured my app completely as library components, but grouped app-specific components in a folder with the name of the app like this:
libs/appName/home/feature/lib
it includes all relevant sources, but tells me:
"Skipping appName as it does not have a test target"
Is that an error on my side, or might that be a problem in the plugin? If you need any more information let me know.
It is not clear how users should override the SONAR_SOURCES / sonar.sources value, or even how this is set internally within nx-sonarqube.
Issue 1
The docs allow an "extra" property:
A key value pair for any extra sonar variable that is not included in the list above
that can be anything described in the sonar analysis scope. However, this is actually overwritten by custom logic in the plugin.
Request: Could you make it clear in the docs that this property can not be set via extras? Note: it can be overwritten by an env var, but I can not leverage this for my use-case because we run many nx targets together.
Issue 2
Additionally, my local scans never worked. When I tried to find out why, I see that this library depends on an optional property from the nx project.json. This assumes that all consumers set this value (which is not true).
Request: Even if this approach using sourceRoot remains, it would be great to print an error to the console and fail the scan if this value is not set.
Thanks ❤️ (and awesome plugin)
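One way to get the behaviour the two requests above ask for, as an added example that is not nx-sonarqube's own code: values from extra and from environment variables take precedence over plugin-computed defaults, and a missing sourceRoot fails the scan instead of yielding an empty source list. The function name, the types and the env-to-property table are assumptions made for illustration.

```typescript
// Added example: not nx-sonarqube's code. All names here are hypothetical.
interface ProjectConfig { root: string; sourceRoot?: string }
interface ScanOptions { projectKey: string; extra?: Record<string, string> }
interface Resolved { props: Record<string, string>; overridden: string[] }

// Assumed env-var-to-property mapping, limited to the two names the page mentions.
const ENV_TO_PROP: Record<string, string> = {
  SONAR_SOURCES: 'sonar.sources',
  SONAR_LOG_LEVEL: 'sonar.log.level',
};

function resolveScannerProps(
  projects: Record<string, ProjectConfig>,
  scanned: string[], // target project followed by its dependencies
  options: ScanOptions,
  env: Record<string, string | undefined>
): Resolved {
  // 1. Explicit values: `extra` first, then env vars on top (env wins).
  const explicit: Record<string, string> = {};
  const extra = options.extra || {};
  for (const key of Object.keys(extra)) explicit[key] = extra[key];
  for (const name of Object.keys(ENV_TO_PROP)) {
    const value = env[name];
    if (value !== undefined && value !== '') explicit[ENV_TO_PROP[name]] = value;
  }
  // 2. Plugin-computed defaults. sonar.sources is derived from sourceRoot only
  //    when the user did not set it, and a missing sourceRoot is a hard error
  //    rather than a scan that silently covers nothing.
  const defaults: Record<string, string> = {
    'sonar.projectKey': options.projectKey,
    'sonar.typescript.tsconfigPath': 'tsconfig.base.json',
  };
  if (explicit['sonar.sources'] === undefined) {
    const missing: string[] = [];
    const roots: string[] = [];
    for (const name of scanned) {
      const project = projects[name];
      if (!project || !project.sourceRoot) missing.push(name);
      else roots.push(project.sourceRoot);
    }
    if (missing.length > 0) {
      throw new Error(`sourceRoot is not set for: ${missing.join(', ')}; set it or pass sonar.sources`);
    }
    defaults['sonar.sources'] = roots.join(',');
  }
  // 3. Merge with explicit values last, and report which defaults they replaced.
  const props: Record<string, string> = {};
  for (const key of Object.keys(defaults)) props[key] = defaults[key];
  const overridden: string[] = [];
  for (const key of Object.keys(explicit)) {
    if (props[key] !== undefined && props[key] !== explicit[key]) overridden.push(key);
    props[key] = explicit[key];
  }
  return { props, overridden: overridden.sort() };
}
```

Logging the returned overridden list at scan start makes it visible when a project has replaced a default, which is useful when reviewing why a scan's scope changed.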
Since it's not a change coming from this PR, I suggest opening another - dedicated - PR to tackle this.
Originally posted by @C0ZEN in #62 (comment)
While running nx run my-app:sonar it only includes libs which are direct dependencies of my-app.
For example if my-app has 2 libs lib-a and lib-b which are directly imported in my-app the command will only detect these 2 libs.
If these two libs further have dependencies, the scanner is not able to include them as dependents to analyze code. It should scan them too as they are also being used as dependencies indirectly by my-app.
In the actual application I have configured test to run with deps when I'm running nx test my-app, and it shows 98 deps.
But with sonar I can see it only detects 32 direct deps. It is not detecting libs which are dependencies of other libs and are not direct dependencies.
```
Community plugins:
@ngrx/effects: 13.1.0
@ngrx/entity: 13.1.0
@ngrx/router-store: 13.1.0
@ngrx/store: 13.1.0
rxjs: 6.6.7
@ngrx/schematics: 13.1.0
@ngrx/store-devtools: 13.1.0
```
Hey,
I want to override the tsconfigPath for each app. When I set sonar.typescript.tsconfigPath in the "extra" key of the config it will always use the tsconfig.base.json
Here you explicitly use the base config. Is there any reason why you chose not to let that variable be customized?
The current implementation allows the user a select set of variables to be passed to the scanner. This is a problem as the scanner has a plethora of variables that need to be defined for different cases.
This PR allows the user to add extra options via an extra object in the project json or via environment variables.
Run e2e test against the repo's sonar rather than dynamically creating a workspace for it
In azure devops, a detached head is created, forcing us to do this with nx:
- script: yarn nx affected --base=$(BASE_SHA) --head=$(HEAD_SHA) --target=sonar --parallel=1
  env:
    SONAR_TOKEN: $(SONAR_TOKEN)
When we turn branches: true, it only ever shows 'HEAD' in sonarqube as a result. Using SONAR_BRANCH also does not work because sonar.branch is deprecated and we have to use sonar.branch.name
AC1: E2E
Given I have access to the repo
When I push changes
Then e2e tests are executed in CI
Sonar provides the ability to Narrow the Focus by setting scope for source and test paths. This helps, for example, avoid including test files in coverage reports.
If your spec files live along-side the files they test, you may want to set these params:
'sonar.tests': paths.sources()
'sonar.test.inclusions': '**/*.spec.ts'
Adding testInclusions as a string param would be straightforward. Assuming sonar.tests is always the same as sources might not serve every use case. An alternative approach could be:
interface ScanExecutorSchema {
// existing properties not included for brevity
testInclusions?: string;
tests?: string;
testsPathsFromSources?: boolean;
}
... and then determine what to send to the scanner like:
'sonar.tests': options.testsPathsFromSources ? paths.sources() : options.tests,
'sonar.test.inclusions': options.testInclusions
Firstly, this plugin looks awesome, I'm running some tests to use it in my established monorepo to deal with the exact scenario this plugin is meant to handle, as we currently have all our code under one big sonarqube umbrella.
But more importantly, we use the OWASP Dependency Check tool in our CI, and to pass that data to SonarQube it requires a couple extra arguments, like sonar.dependencyCheck.jsonReportPath. Is there a good way to add those options? Should I look at maybe submitting a PR that can add that ability?
When upgrading to Nx 17, npm is not able to resolve peer dependencies properly
Could not resolve dependency:
peer @nx/devkit@"16.7.4" from @koliveira15/nx-sonarqube@3.2.0
node_modules/@koliveira15/nx-sonarqube
dev @koliveira15/nx-sonarqube@"3.2.0" from the root project
Conflicting peer dependency: @nx/[email protected]
node_modules/@nx/devkit
peer @nx/devkit@"16.7.4" from @koliveira15/nx-sonarqube@3.2.0
node_modules/@koliveira15/nx-sonarqube
dev @koliveira15/nx-sonarqube@"3.2.0" from the root project
We are building a Design System, and we would like to see Sonar Analyses for each of our lib independently.
At the moment, if A is dependent of B, I will have the bugs of B and A inside the analytics.
For example:
flowchart LR
subgraph libraries[nx run A:sonar]
B[Library B containing 5 bugs] -.-> A[Library A containing 1 bug]
end
libraries --> Result[6 bugs in total]
What I would like:
flowchart LR
subgraph libA[nx run A:sonar]
A[Library A containing 1 bug]
end
subgraph libB[nx run B:sonar]
B[Library B containing 5 bugs]
end
libA --> ResultA[1 bug in total]
libB --> ResultB[5 bugs in total]
Do you think it would be possible to provide an option for this use case?
Thanks in advance and have a nice day !
Hello,
When I try to run the plugin using nx run-many, the plugin tries to find the package.json in the directory of each application and raises an error ENOENT: no such file or directory since there is only project.json
It does not make the command fail but seems annoying when I try to read the console log. Could you check this please?
Thank you
I tried to run this lib on my nodejs nx project and I am getting, Cannot find configuration for XXX
I went to the code and found this code section:
function readProjectConfiguration(tree, projectName) {
  const allProjects = readAndCombineAllProjectConfigurations(tree);
  if (!allProjects[projectName]) {
    // temporary polyfill to make sure our generators work for existing angularcli workspaces
    if (tree.exists('angular.json')) {
      const angularJson = toNewFormat((0, json_1.readJson)(tree, 'angular.json'));
      if (angularJson.projects[projectName])
        return angularJson.projects[projectName];
    }
    throw new Error(`Cannot find configuration for '${projectName}'`);
  }
  return allProjects[projectName];
}
Is only Angular supported?
This plugin doesn't have an Nx version listed in the Nx Plugin Registry because the plugin doesn't include @nx/devkit as a dependency. Could you please release a version that fixes that?
Thanks,
Isaac (Nx Team)
I'm using this scan executor in Gitlab CI where it's not able to recognize the branch names. Please refer to the image.
Update readme with proper links
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR!
npm ERR! While resolving: @data-delivery/[email protected]
npm ERR! Found: @nx/devkit@18.0.1
npm ERR! node_modules/@nx/devkit
npm ERR! @nx/devkit@"18.0.1" from the root project
npm ERR!
npm ERR! Could not resolve dependency:
npm ERR! peer @nx/devkit@">= 16 < 18" from @koliveira15/[email protected]
npm ERR! node_modules/@koliveira15/nx-sonarqube
npm ERR! dev @koliveira15/nx-sonarqube@"^3.4.0" from the root project
npm ERR!
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
With nx Crystals, NX changed the way jest is called. (https://nx.dev/concepts/inferred-tasks)
If you don't have a test target in your project.json but a jest config in the project, nx:run-commands is used as an executor instead of @nx/jest:jest, e.g.:
{
outputs: [ '{workspaceRoot}\\coverage\\libs\\shared\\entities' ],
executor: 'nx:run-commands',
inputs: [ 'default', '^production' ],
cache: true,
options: { cwd: 'libs/shared/entities', command: 'jest' },
configurations: {}
}
Also the options for the testTarget will be different
the options are:
{ cwd: 'libs/shared/entities', command: 'jest' }
My workaround is to force @nx/jest:jest as the executor in all projects and to configure it under targetDefaults in nx.json like in NX < 18
This issue won't affect old workspaces but definitely new or old ones opting in for nx plugins to infer tasks
Would it be possible to make it work with Vitest as well?
Hi,
Currently running the scanner on version 0.3.5, however the scanner currently includes paths twice in the project configuration.
Here's the project configuration:
"options": {
"name": "shared-libs",
"hostUrl": "http://localhost:9000",
"projectKey": "shared-backend",
"skipTargetDefaults": false,
"branches": false,
"qualityGate": true,
"qualityGateTimeout": "300",
"skipImplicitDeps": true,
"extra": {
"sonar.javascript.lcov.reportPaths": "libs/shared/coverage/lcov.info",
"sonar.testExecutionReportPaths": "libs/shared/reports/test-sonar-report.xml",
"sonar.dependencyCheck.htmlReportPath": "dependency-check-report.html",
"sonar.externalIssuesReportPaths": "image-scan-sonar-report.json",
"sonar.test.inclusions": "libs/shared/src/**/*.spec.ts"
}
}
Command run on one of the mono-repo sub-projects: npx nx run shared:sonar
Here's the error:
INFO: Load quality profiles
INFO: Load quality profiles (done) | time=30ms
INFO: Load active rules
INFO: Load active rules (done) | time=408ms
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: **/*.spec.ts
INFO: Included tests: **/*.spec.ts
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 1.789s
INFO: Final Memory: 12M/68M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarScanner execution
ERROR: File libs/shared/src/dto/index.ts can't be indexed twice. Please check that inclusion/exclusion patterns produce disjoint sets for main and test files
Do you see any configuration or adjustments missing here? Tried setting the testInclusions however it also gets doubled in the project excluded sources, i.e. set testInclusions to libs/shared/src/**/*.spec.ts, it gets duplicated in excluded sources as shown below:
"sonar": {
"executor": "@koliveira15/nx-sonarqube:scan",
"options": {
"name": "shared-libs",
"hostUrl": "http://localhost:9000",
"projectKey": "ATC-shared-backend",
"skipTargetDefaults": false,
"branches": false,
"qualityGate": true,
"qualityGateTimeout": "300",
"skipImplicitDeps": true,
"testInclusions":"libs/shared/src/**/*.spec.ts",
"extra": {
"sonar.javascript.lcov.reportPaths": "libs/shared/coverage/lcov.info",
"sonar.testExecutionReportPaths": "libs/shared/reports/test-sonar-report.xml",
"sonar.dependencyCheck.htmlReportPath": "dependency-check-report.html",
"sonar.externalIssuesReportPaths": "image-scan-sonar-report.json",
"sonar.test.inclusions": "libs/shared/src/**/*.spec.ts"
}
}
}
Error:
INFO: Indexing files...
INFO: Project configuration:
INFO: Excluded sources: libs/shared/src/**/*.spec.ts
INFO: Included tests: libs/shared/src/**/*.spec.ts
INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
The current implementation of the plugin detects jest config files defined in the project and tries to parse their coverageDirectory to add any coverage files in this directory. However, jest config is not the only place that could have the coverage directory. Nx allows you to define some test options, including the coverage directory.
The PR adds some changes that allow the plugin to detect the coverage directory in the project json and use it to add coverage files to the sonar scan.
Implement nx release into workflow for publishing and release notes
Implement Astro & Starlight for documentation site with Diataxis format
I started to handle and play with the NX Sonarqube plugin and I found the following error message while using it on a WSL2 instance with the following configuration :
npm -v: 9.1.2
node -v: v16.17.1
project.json file:
{
"name": "my-lib",
"$schema": "../../../node_modules/nx/schemas/project-schema.json",
"sourceRoot": "libs/my-lib/src",
"prefix": "gz",
"tags": ["scope:shared", "type:utility"],
"projectType": "library",
"targets": {
"build": {
"executor": "@nx/angular:package",
"outputs": ["{workspaceRoot}/dist/{projectRoot}"],
"options": {
"project": "libs/my-lib/ng-package.json"
},
"configurations": {
"production": {
"tsConfig": "libs/my-lib/tsconfig.lib.prod.json"
},
"development": {
"tsConfig": "libs/my-lib/tsconfig.lib.json"
}
},
"defaultConfiguration": "production"
},
"test": {
"executor": "@nx/jest:jest",
"outputs": ["{workspaceRoot}/coverage/{projectRoot}"],
"options": {
"jestConfig": "libs/my-lib/jest.config.ts",
"passWithNoTests": true
},
"configurations": {
"ci": {
"ci": true,
"codeCoverage": true
}
}
},
"lint": {
"executor": "@nx/linter:eslint",
"outputs": ["{options.outputFile}"],
"options": {
"lintFilePatterns": ["libs/my-lib/**/*.ts", "libs/my-lib/**/*.html"]
}
},
"sonar": {
"executor": "@koliveira15/nx-sonarqube:scan",
"options": {
"hostUrl": "https://localhost:9000/sonar",
"login": "*************",
"exclusions": "**/*.spec.ts,**/.storybook/**",
"name": "my-lib",
"projectKey": "library:my-lib",
"projectName": "my-lib",
"testInclusions": "/*.spec.ts",
"extra": "SONAR_LOG_LEVEL=DEBUG,SONAR_SOURCES=libs/my-lib/src",
"skipTargetDefaults": false,
"branches": false,
"qualityGate": true,
"qualityGateTimeout": "300",
"skipImplicitDeps": false
}
}
}
}
When I run the following command :
export PROJECT_NAME=my-lib
npx nx g @koliveira15/nx-sonarqube:config --hostUrl ${SONAR_HOST_URL} --login ${SONAR_TOKEN} --exclusions **/*.spec.ts,**/.storybook/** --name ${PROJECT_NAME} --projectKey ${NX_PROJECT_TYPE}:${PROJECT_NAME} --projectName " ${PROJECT_NAME}" --testInclusions /*.spec.ts --extra SONAR_LOG_LEVEL=DEBUG,SONAR_SOURCES=libs/mylib/src
The Sonarqube scan failed because it "Cannot read properties of undefined (reading 'sourceRoot')"
The SonarQube scan failed for project 'my-lib'. Error: TypeError: Cannot read properties of undefined (reading 'sourceRoot')
Do you have any idea why it can't find the property sourceRoot which is defined in the project.json of the library?
Kind regards,
Thomas
Document how to pass Sonar env variables to the scanner
We're receiving a warning from Sonarcloud that JDK 11 is deprecated for scanner environments
This seems to have been addressed in sonarqube-scanner v3.1.0.
SonarSource/sonar-scanner-npm#53
Would be great to bump the dependency to fix the issue
Thanks
I have an issue with scanning my nx project. Project has following structure:
nx-sonarqube library console logs "Included sources" and in this log there are listed libraries "apps/app1, libs/details-1, libs/details-2" but there is no "libs/list-1" and "libs/list-2".
"libs/list-1" and "libs/list-2" are lazy loaded by angular router. When I move these lazy-loaded lists to eager, nx-sonarqube properly logs "libs/list-1" and "libs/list-2" in "Included sources".
@koliveira15/nx-sonarqube
SonarCloud supports external analyzers report files such as eslint, stylelint, etc...
Here is the documentation related to external analyzers: https://docs.sonarsource.com/sonarcloud/enriching/external-analyzer-reports/
Amongst all the supported analyzers, I think we can add eslint and stylelint at first.
A boolean option should be added for each external analyzer.
The executor should look for the JSON report output file in the target configuration (lint for eslint and stylelint for stylelint).
I'll try to provide a PR for this feature but it may take a while since I don't have a lot of available time.
sourceRoot is an optional property for project configurations
https://nx.dev/nx-api/devkit/documents/ProjectConfiguration#sourceroot